While previous "attacks" on jailbroken iPhones were benign, a variation of the …


If you didn't heed previous warnings to secure your jailbroken iPhone, you may be in for some serious trouble. Computer security firm Intego has identified the first known truly malicious code that targets jailbroken iPhones with default root passwords.

The latest in a string of recent attacks, iPhone/Privacy.A uses a technique similar to previous hacks. The malware scans for phones on a given network with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. Unlike the previous versions, which merely replaced the wallpaper image to alert users that they have been cracked, the new version silently copies personal data—"e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app." It then sends the data back to the machine running the software.

Intego says that its VirusBarrier X5 can identify and remove the software if it's installed on a Mac, but the hacking tool can also be installed on a Windows or Linux PC, or even another iPhone. "This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network," warned Intego in a statement. "Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business."

Of course, non-jailbroken iPhones are completely unaffected by this malware. Likewise, jailbroken iPhones without a running SSH daemon won't be affected either. If you do activate SSH on your jailbroken iPhone, take seriously the warning to change the default passwords for both the "root" and "mobile" users.